Abstract not found

this paper have been presented at the 4th European Summer School in Logic, Language and Information, University of Essex, 1992; at the Tempus Summer School for Algebraic and Categorical Methods in Computer Science, Masaryk University, Brno, 1993; and the Summer School in Logic Methods in Concurrency, Aarhus University, 1993. I would like to thank the organisers and the participants of these summer schools, and of the Banff higher order workshop. I would also like to thank Julian Bradfield for use of his Tex tree constructor for building derivation trees and Carron Kirkwood, Faron Moller, Perdita Stevens and David Walker for comments on earlier drafts.

Process preemption deals with controlling the life and death of concurrent processes. Well-defined preemption mechanisms are essential in control-dominated reactive and real-time programming, and accurate handling of preemption requires a time-dependent model. We first informally discuss what preemption is about and argue for the need of preemption primitives that are fully orthogonal with sequencing and concurrency ones. Then, we formally present the preemption operators of the Esterel zero-delay process calculus, which is a theoretical version of the Esterel synchronous programming language. 1 Introduction In concurrent systems, one deals with concurrent processes that coordinate with each other. Coordination can result from information exchange, using for example messages circulating on channels with possibly some implied synchronization. It can also result from process preemption, which is a more implicit control mechanism that consists in denying the right to work to a pro...

We present a new programming paradigm called Communicating Reactive Processes or CRP that unifies the capabilities of asynchronous and synchronous concurrent programming languages. Asynchronous languages such as CSP, Occam, or Ada are well-suited for distributed algorithms; their processes are loosely coupled and communication takes time. The Esterel synchronous language is dedicated to reactive systems; its processes are tightly coupled and deterministic, communication being realized by instantaneous broadcasting. Complex applications such as process or robot control require to couple both forms of concurrency, which is the object of CRP. A CRP program consists of independent locally reactive Esterel nodes that communicate with each other by CSP rendezvous. CRP faithfully extends both Esterel and CSP and adds new possibilities such as precise local watchdogs on rendezvous. We present the design of CRP, its semantics, a translation into classical process calculi for program verificatio...

We study in a first part of this paper safety and liveness properties for any given program semantics. We give a topological definition of these properties using a safety preorder. Then, we consider the case of branching time semantics where a program is modeled by a set of infinite computation trees modulo bisimulation. We propose and study a safety preorder for this semantics based on simulation and dealing with silent actions. We focus on regular safety properties and characterize them by both tree-automata and formulas of a branching time logic. We show that verifying safety properties on trees reduces to simulation testing. 1 Introduction The properties of parallel systems may be classified according to the type of behaviors they describe. Several classes of properties are distinguished such as safety, liveness, fairness, termination or recurrence properties. Such a classification allows structuring a program specification into several components; each of these components may be ...

JACK, standing for Just Another Concurrency Kit, is a new environment integrating a set of verification tools, supported by a graphical interface offering facilities to use these tools separately or in combination. The environment proposes several functionalities for the design, analysis and verification of concurrent systems specified using process algebra. Tools exchange information through a text format called Fc2. Users are able to graphically layout their specifications, that will be automatically converted into the Fc2 format and then minimised with respect to various kinds of equivalences. A branching time and action based logic, ACTL, is used to describe the properties that the specification must satisfy, and model checking of ACTL formulae on the specification is performed in linear time. A translator from Natural Language to ACTL formulae is provided, in order to simplify the job to describe the specification properties by ACTL formulae. A description of the graphical interface is given together with its functionalities and the exchange format used by the tools. As an example of use of JACK, we present a small case study within JACK, that covers both verification of a software system and verification of its properties.

The application of formal methods to the development of software depends on the availability of adequate models and formalisms for each of the stages of the development process. In this work, we focus on the level of design called Software Architecture. At this level, the system is described as a collection of interrelated components, and it is here where the properties derived from system’s structure can be naturally analyzed. Our approach uses process algebras as a formal basis for the description and analysis of software architectures. Process algebras are widely accepted for the specification of software systems. In particular π-calculus addresses the description of systems with a dynamic or evolving topology, and permits their analysis for bisimilarity and other interesting properties. Though bisimilarity determines the equivalence of behavior, more flexible relations are needed in the context of Software Engineering, in order to support formally the notions of conformance and refinement of behavior. In this paper we present a relation of compatibility in the context of π-calculus which formalizes the notion of conformance of behavior between software components. Our approach is enhanced with the definition of a relation of inheritance among processes. This relation preserves compatibility and indicates whether a process can be considered as a specialization or extension of another one. The suitability of our approach is shown by its application to the field of Software Architecture 1.

The expressive power of process algebras is investigated in a general setting of structural operational semantics. The notion of an effective operational semantics is introduced and it is observed that no effective operational semantics for an enumerable language can specify all effective process graphs up to trace equivalence. A natural class of Plotkin style SOS specifications is identified, containing the guarded versions of calculi like CCS, SCCS, Meije and ACP, and it is proved that any specification in this class induces an effective operational semantics. Using techniques introduced by Bloom, it is shown that for the guarded versions of CCS-like calculi, there is a double exponential bound on the speed with which the number of outgoing transitions in a state can grow. As a corollary of this result it follows that two expressiveness results of De Simone for Meije and SCCS depend in a fundamental way on the use of unguarded recursion. A final result of this paper is that all operators definable via a finite number of rules in a format due to De Simone, are derived operators in the simple process calculus PC. 1991 Mathematics Subject Classification: 68Q05, 68Q10, 68Q55, 68Q75, 03D20. 1991 CR Categories: D.3.1, D.3.3, F.1.1, F.1.2, F.3.2, F.4.1. Keywords & Phrases: process algebra, PC, labeled transition systems, process graphs, effective process graphs, effective operational semantics, structural operational semantics, expressiveness, bisimulation equivalence, trace equivalence, action transducers. Notes: Most of this work was carried out while the author was at the MIT Laboratory for Computer Science, supported by ONR contract N00014-85-K-0168. Part of this work took place in the context of the ESPRIT Basic Research Action 7166, CONCUR2. This p...

We present Persistent Turing Machines (PTMs), a new way of interpreting Turing-machine computation, one that is both interactive and persistent. A PTM repeatedly receives an input token from the environment, computes for a while, and then outputs the result. Moreover, it can \remember" its previous state (work-tape contents) upon commencing a new computation. We show that the class of PTMs is isomorphic to a very general class of eective transition systems, thereby allowing one to view PTMs as transition systems \in disguise." The persistent stream language (PSL) of a PTM is a coinductively dened set of interaction streams : innite sequences of pairs of the form (w i ; w o ), recording, for each interaction with the environment, the input token received by the PTM and the corresponding output token. We dene an innite hierarchy of successively ner equivalences for PTMs over nite interaction-stream prexes and show that the limit of this hierarchy does not coincide with PSL-equivalence. The presence of this \gap" can be attributed to the fact that the transition systems corresponding to PTM computations naturally exhibit unbounded nondeterminism. We also consider amnesic PTMs, where each new computation begins with a blank work tape, and a corresponding notion of equivalence based on amnesic stream languages (ASLs). We show that the class of ASLs is strictly contained in the class of PSLs. Amnesic stream languages are representative of the classical view of Turing-machine computation. One may consequently conclude that, in a stream-based setting, the extension of the Turing-machine model with persistence is a nontrivial one, and provides a formal foundation for reasoning about programming concepts such as objects with static elds. We additional...

this paper.